GATEKEEPER BLOG

What is the difference between lock and log off?

What’s the difference between lock, switch user, and sign out?

GateKeeper Authentication lock options.

Windows 10 has three options when the user leaves the computer with their GateKeeper token: lock, switch user, and sign out. Each option is designed to be used in different situations. GateKeeper proximity lock allows either the user to select their default option. Similarly, admins can control enforce options for users. Picking the right option is crucial for certain industries like healthcare with EMRs.

Lock: This option will lock the computer but keep all the user’s programs running. It is similar to hitting the Windows key + L key on Windows machines. This option is great when there is only a single user on the computer – such as individually assigned laptops.

Switch User (Disconnect Session): This option will lock the computer and disconnect the current user’s session on Windows machines. This will allow another user to access their own account quickly after they authenticate using their own GateKeeper token. This method is similar to the “Switch User” option in Windows and macOS. This option is best when there are multiple users accessing the computer (shared workstation / kiosk computer).

Sign out: Signing out is logging out. This option will log out the currently connected user when their token goes out of range. This will close all running programs and ready the computer for the next user to log in.

GateKeeper Proximity can perform either lock, switch user, or sign out. Locking, switching users, or signing out can be done through proximity or token button press.

mceclip0.png

To change lock settings, follow the directions below.

Change Lock Settings from the GateKeeper Hub admin console.

All computers in the same Group will be subject to the same configurations for lock and unlock setting.

1) Login to your GateKeeper Hub admin console.

2) Click Group Settings on the left side.

mceclip0.png

3) Find the Group you want to make changes to and click “Manage Settings” to the right of the Group’s name.

mceclip1.png

 

4) Now you can edit lock settings, unlock settings, advanced settings, and limit the features end users have control over on their client computers.

 

Lock Settings

Lock_Settings_Group_Settings_Hub_admin_console_GateKeeper_Proximity_2FA_Login_for_PCs_and_websites_compliance_Hub_screenshot.jpg

Listed below are the options for each setting along their explanations for Proximity Lock Method and Button Lock Method.

Set on Client computer:Allows end-users to choose the settings on the Client application on their own computers.
Disable:Turns off the feature. Not recommended.
Lock Workstation:Auto-locks the computer. Leaves the current session active and available for any user to login.
Disconnect Session:Locks the computer and enables switching between local or AD user accounts on Windows 7 and Mac (OS 10.13 and 10.14) computers.
Logout:Logs the user out from the computer.

 

Inactivity Lock Method will lock the computer if the user is inactive (no keyboard or mouse activity) for the specified time. Use Lock Workstation if you are the only user or Disconnect Session (Switch User) if multiple people use this computer. The user has the following Lock options available in the drop-down menu. Note 1: For macOS, Lock Workstation and Logout options are not supported. Note 2: For Windows 7, it is recommended to use Disconnect Session instead of Lock Workstation.

  • Disabled
  • Lock Workstation
  • Disconnect Session (Switch User)
  • Logout

Token Visibility Timeout feature allows you to set a timer for how long the computer will remain unlocked if suddenly the software receives no data from the token. Sudden signal loss  can happen if a user places their hand over the token or buries it in their pocket. This feature is set in 15-second increments (15, 30, 45, 60).

Lock Delay Timeout delays locking the computer after a lock decision has been made for this time period. Choose a value for this delay if you want to prevent the computer from locking immediately when you walk away. Important: This lock delay will only apply when the computer is locked due to proximity.

Operating System Timeout disables your screen saver from starting when your computer times out. Choose the appropriate option to keep your timeout policy enabled or to disabled. If your timeout policy is set by your network administrator, this setting will not override the network policy.

Disconnect Remote Session allows user to enable or disable disconnecting remote session when the local computer is locked. This requires the client version to be 3.9 or higher, and the GateKeeper Remote application to be installed on the remote computer.

  • Enable
  • Disable

Lock Sensitivity changes the lock/unlock distance for your computer. The higher the sensitivity, the shorter the distance needed to lock. We recommend Medium sensitivity for the best lock/unlock experience for most environments. For instance, if your computer locks while you’re working, lower the sensitivity level. Note: Applies to Client App version 3.6.9 or lower.

Motion Detection Sensitivity is useful for adapting your locking and unlocking experience in different environment. High level setting motion sensitivity will allow the computer to lock quicker. If the system is locking too much while you are sitting at your desk, reduce the motion sensitivity to the Low level.

Change Lock Settings from Client desktop application.

1. First, open your GateKeeper Client application on your PC.

2. Click Settings in the lower left.

mceclip0.png

3. You will see tabs for Lock Settings, Unlock Settings, Advanced Settings, and Server Settings. Select Lock Settings.

mceclip0.png

Lock Settings

mceclip1.png

Proximity Lock Method defines how GateKeeper automatically secures your computer when you walk away. Use Lock Workstation if you are the only user or Disconnect Session (Switch User) if multiple people use this computer. The user has the following Lock options available in the dropdown. Note 1: For macOS, Lock Workstation and Logout options are not supported. Note 2: For Windows 7, it is recommended to use Disconnect Session instead of Lock Workstation.

  • Disabled
  • Lock Workstation
  • Disconnect Session (Switch User)
  • Logout

Button Lock Method defines how GateKeeper secures your computer when you press the action button on your token or phone app. Use Lock Workstation if you are the only user or Disconnect Session (Switch User) if multiple people use this computer. The user has the following Lock options available in the drop-down menu. Note 1: For macOS, Lock Workstation and Logout options are not supported. Note 2: For Windows 7, it is recommended to use Disconnect Session instead of Lock Workstation.

  • Disabled
  • Lock Workstation
  • Disconnect Session (Switch User)
  • Logout

Inactivity Lock Method will lock the computer if the user is inactive (no keyboard or mouse activity) for the specified time. Use Lock Workstation if you are the only user or Disconnect Session (Switch User) if multiple people use the computer. The user has the following Lock options available in the drop-down menu. Note 1: For macOS, Lock Workstation and Logout options are not supported. Note 2: For Windows 7, it is recommended to use Disconnect Session instead of Lock Workstation.

  • Disabled
  • Lock Workstation
  • Disconnect Session (Switch User)
  • Logout

Disconnect Remote Session allows user to enable or disable disconnecting remote session when the local computer is locked. This requires the Client software version to be 3.9 or higher, and the GateKeeper Remote application to be installed on the remote computer.

  • Enabled
  • Disabled

Token Visibility Timeout sets a lock timer if no token is detected within this time period – this is a backup locking mechanism if the proximity signal is not detected. 30 seconds is the default setting.

Lock Delay Timeout delays locking the computer after a lock decision has been made for this time period. Choose a value for this delay if you want to prevent the computer from locking immediately when you walk away. Important: This lock delay will only apply when the computer is locked by proximity.

Operating System Timeout disables your screen saver from starting when your computer times out. Choose the appropriate option to keep enable or disable your screensaver timeout.

Motion Detection Sensitivity is useful for adapting your locking and unlocking experience in different environment. High level setting motion sensitivity will allow the computer to lock quicker. Conversely, if the system is locking while you are sitting at your desk, reduce the motion sensitivity to the Low level.

mceclip0.png

Capterra Best Value for Authentication Jun-20
Capterra Ease of Use for Authentication Jun-20

See GateKeeper proximity access control in action.

Take a self-guided tour of how your proximity-based access control can work.